ks.dll

• File Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\winxp\ks.dll
• Description: Kernel Streaming Debugger Extensions

Hashes

Type	Hash
MD5	86870BA08C5863459C26C285EF334866
SHA1	06AA1119A827D044732CFA7003F88165CC05AE58
SHA256	35B110DA500DF2CBD44240B347C5BE1A6FE90FF70A2758445FE3BC97CD09736F
SHA384	0CF1C79315A2CF7AD123C9D828BED3CFBE0C08D60F6BC558F21E789A840974895F85AB97C3104E7CF7D6CED18EF4AC90
SHA512	96AC433EFD0650988E7A07EF6C91867F5C9ABFB2B36235A781FB1E55CBCB93995ABC88FB87A98AE372EF203905B41470A73E61C7EEC06EF13450EDD43771E24D
SSDEEP	12288:sHgnn7BJl0Tvz2Jqjp75ixZjWvSv24Dy1O3SkvxA2Dvj2dy6XqEU:sHljkvj27XDU
IMP	B99BDFDD8B16085F3E0616BA774D05AF
PESHA1	AE19342BC37F107CD370171E50905395452EA62A
PE256	E405EB1F298A54BF17280939C55EDD36CD01DF557B53A434954BD7874D3CAC2A

DLL Exports:

Function Name	Ordinal	Type
help	22	Exported Function
kshelp	23	Exported Function
libexts	24	Exported Function
graph	21	Exported Function
ExtensionApiVersion	2	Exported Function
findlive	19	Exported Function
forcedump	20	Exported Function
objhdr	25	Exported Function
shdr	30	Exported Function
topology	31	Exported Function
WinDbgExtensionDllInit	3	Exported Function
pciks	29	Exported Function
ohdr	26	Exported Function
pchelp	27	Exported Function
pciaudio	28	Exported Function
eval	18	Exported Function
DebugExtensionNotify	5	Exported Function
DebugExtensionUninitialize	6	Exported Function
devhdr	9	Exported Function
DebugExtensionInitialize	4	Exported Function
allstreams	7	Exported Function
automation	8	Exported Function
CheckVersion	1	Exported Function
dhdr	10	Exported Function
dumpqueue	15	Exported Function
enumdevobj	16	Exported Function
enumdrvobj	17	Exported Function
dumplog	14	Exported Function
dump	11	Exported Function
dumpbag	12	Exported Function
dumpcircuit	13	Exported Function

Signature

• Status: Signature verified.
• Serial: 33000002B7E8E007A82AEF13150000000002B7
• Thumbprint: 5A68625F1A516670A744F7EF919500A479D32A5B
• Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows Kits Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: ks.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 452

File Scan

• VirusTotal Detections: Unknown

MIT License. Copyright (c) 2020-2021 Strontic.